Q&A: Tiversa co-founder talks about P2P leak
Company CEO, Sam Hopkins, on how government blueprints and avionics for President Obama's helicopter wound up at an IP address in Tehran.
Updated at 3 p.m. PST: An earlier version of this report misidentified Sam Hopkins' position at the company. He is chief technology officer and a co-founder.
Earlier this weekend, I pointed to a report that a Pittsburgh area Internet security firm had discovered a file containing government blueprints and avionics for President Obama's helicopter on an IP address in Tehran.
During a traffic analysis, the company, Tiversa, headquartered in Cranberry Township, found that one particular file was actively being shared via a P2P protocol. On Sunday, I spoke by phone with the company's co-founder and chief technology officer, Sam Hopkins. Here's what he had to say.
Question: What tipped your team off to the possibility of classified information being leaked to outsiders?
Hopkins: Let me first back up and offer some perspective. There are millions of people who in the last couple years have installed P2P software to share their hard drives...You may go to a hospital and give me your Social Security number and your name and address. That hospital may have the best information protections in the universe, but then they give that information to a billing company and that company accidentally leaks it. This happens all the time. In this case, we weren't actively looking for this, but (the information) came back to our data center and matched one of our signatures which we then analyzed.
Q: Talk about the chronology. When did your team first pick up on the leak?
Hopkins: Around the October to November (2008) time frame. We get about 100,000 or 200,000 confidential files that we bring back and if we find something really bad, we will contact that company and say that your information is out there on a peer-to-peer network. In this case, it was over in Iran, where they were actively trolling for information. We notified the defense contractor and they went through their steps to notify the Department of Defense.
Q: And it was a P2P connection that led to the leak?
Hopkins: It was on the Gnutella network. Someone installed it and it may have been a buggy client. All it takes is for someone to say, "Hey, do you have anything on this client?" and it gets downloaded. We see 50 of those a day. There was a large publicly traded company which accidentally just disclosed all their forecasts and M&A plans throughout 2009. A person leaked all his files and all his internal e-mail conversations as well as his calendar and all his contact information.
Q: In this case your company is reporting, what information was breached?
Hopkins: The entire avionics system of the president's helicopter, and various upgrades by contractors.
Q: So your team concluded that the materials fell into the hands of Iran. Is it possible that other actors also are trying to take advantage of similar openings in the system?
Hopkins: Heck yeah. Every nation does that. We see information flying out there to Iran, China, Syria, Qatar--you name it. There's so much out there that sometimes we can't keep up with it.
Q: I would have assumed military contractors would use more secure networks to communicate.
Hopkins: Everybody uses (P2P). Everybody. We see classified information leaking all the time. When the Iraq war got started, we knew what U.S. troops were doing because G.I.'s who wanted to listen to music would install software on secure computers and it got compromised.
Q: This is what your company specializes in, obviously, but what's your professional opinion about the extent of this sort of thing?
Hopkins: This is the biggest security problem of all time. Coming from me, it sounds biased. But you can get 40,000 Social Security numbers out there at the drop of a hat. We've had people come into our data center and we've shown them things that are out there on P2P and they go away with their minds blown.